Threat actors were able to breach the department using the credentials accessed through phishing emails.